The Weakest Link Human Behaviour and the Corruption of Information Security Management in Organisations - an Analytical Framework
(2008) 2nd International Multi-Conference on Society, Cybernetics and Informatics p.94-99- Abstract
- In this paper we introduce the norm-injection analysis framework, a construct which can be employed to aid analysis of processes that affect information security management (ISM) in organisations. The underpinnings of this framework draw on and evolve - theories about how apparently mundane organisational processes, particularly managerial demands on employees, may in some instances lead to undesired, perhaps calamitous, consequences. Because the mechanisms between input (demand) and the adverse consequences work by gradually accruing and multiplying Subtle communication "problemettes" into major problems, they are almost undetectable to the untrained eye. Breaches of ISM protocol may appear wholly mysterious to the crash investigators... (More)
- In this paper we introduce the norm-injection analysis framework, a construct which can be employed to aid analysis of processes that affect information security management (ISM) in organisations. The underpinnings of this framework draw on and evolve - theories about how apparently mundane organisational processes, particularly managerial demands on employees, may in some instances lead to undesired, perhaps calamitous, consequences. Because the mechanisms between input (demand) and the adverse consequences work by gradually accruing and multiplying Subtle communication "problemettes" into major problems, they are almost undetectable to the untrained eye. Breaches of ISM protocol may appear wholly mysterious to the crash investigators brought in to analyse, post-event, what went wrong. The norm-injection analysis framework is intended to shed light on these below-the-radar processes, and to supplement the tool set an organisation analyst has at his disposal when preparing or evaluating strategic ISM measures. (Less)
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/1375206
- author
- Sundström, Mikael
LU
and Holmberg, Robert LU
- organization
- publishing date
- 2008
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- host publication
- IMSCI '08: 2nd International Multi-Conference on Society, Cybernetics and Informatics, Vol III, Proceedings
- pages
- 94 - 99
- publisher
- International Institute of Informatics and Systemics
- conference name
- 2nd International Multi-Conference on Society, Cybernetics and Informatics
- conference dates
- 2008-06-29 - 2008-07-02
- external identifiers
-
- wos:000263668200020
- scopus:84896600497
- language
- English
- LU publication?
- yes
- id
- 9e3dfa12-5f06-4892-bc6a-3a9f7cd92036 (old id 1375206)
- date added to LUP
- 2016-04-04 12:18:14
- date last changed
- 2022-01-29 23:14:13
@inproceedings{9e3dfa12-5f06-4892-bc6a-3a9f7cd92036, abstract = {{In this paper we introduce the norm-injection analysis framework, a construct which can be employed to aid analysis of processes that affect information security management (ISM) in organisations. The underpinnings of this framework draw on and evolve - theories about how apparently mundane organisational processes, particularly managerial demands on employees, may in some instances lead to undesired, perhaps calamitous, consequences. Because the mechanisms between input (demand) and the adverse consequences work by gradually accruing and multiplying Subtle communication "problemettes" into major problems, they are almost undetectable to the untrained eye. Breaches of ISM protocol may appear wholly mysterious to the crash investigators brought in to analyse, post-event, what went wrong. The norm-injection analysis framework is intended to shed light on these below-the-radar processes, and to supplement the tool set an organisation analyst has at his disposal when preparing or evaluating strategic ISM measures.}}, author = {{Sundström, Mikael and Holmberg, Robert}}, booktitle = {{IMSCI '08: 2nd International Multi-Conference on Society, Cybernetics and Informatics, Vol III, Proceedings}}, language = {{eng}}, pages = {{94--99}}, publisher = {{International Institute of Informatics and Systemics}}, title = {{The Weakest Link Human Behaviour and the Corruption of Information Security Management in Organisations - an Analytical Framework}}, url = {{https://lup.lub.lu.se/search/files/5974349/1543150.pdf}}, year = {{2008}}, }